Security Architect Lessons

Security Architect Lessons: What I Learned Managing and Assessing Cyber Risk at a Fortune 200

Michael Haag

I worked as the security leader of a global Fortune 200 organization for two years, where I was responsible for cyber security strategy, architecture, and risk reduction during an extended phase of rapid growth and acquisition. I focused on ensuring we had visibility across the most vital layers while working with each entity to mature their security posture and address … Read More

Security Team Development

Building a Winning Security Team: Practical Tips on Training and Team Development

Phil Hagen

The most fundamental truth in information security is that we need smart people to do the most important parts of the job. Regardless of how many racks of servers, gazillions of dollars of software, or dozens of threat intel “feeds” we invest in, they won’t provide the slightest impediment to adversaries without real live humans to run the show. This … Read More

Cryptocurrency Trends

Cryptocurrency Trends: Will Ransomware Be Overtaken by Miners?

Joe Moles

This last year you couldn’t turn on the TV, look at social media, or visit your favorite internet news source without being faced with another story of a ransomware compromise. These attacks are highly destructive and largely driven by financial gain. Threat trends and methods to “make a quick buck” will continue, while new methodologies rise to the forefront. Based … Read More

Call to Arms: 4 Things Everyone in InfoSec Should Stop Doing Right Now

Joe Moles

While I’ve always been passionate about working in InfoSec, I can’t help but feel jaded about the way our industry approaches some things. We run around pointing fingers at each other with slander marketing, we use Twitter as an intel sharing platform, and we cry out that the sky is falling every time a researcher posts a new post exploit … Read More

Credential Harvesting

Credential Harvesting on the Rise

Keith McCammon, Chief Security Officer

Red Canary began to see its annual spike in credential harvesting attacks last week. These attacks typically increase as tax season approaches and adversaries gear up to file fraudulent tax returns. Here’s what organizations need to know to understand and mitigate the risk. How Credential Harvesting Works Adversaries send the victim a personalized lure, which is typically an email containing … Read More

Celebrating Red Canary’s Best Security Blogs of 2017

Suzanne Moore

2017 was a big year for the Red Canary blog! We wrote dozens of articles and added a roster of outstanding contributors—ranging from security analysts, threat researchers, technical account managers, and incident responders to C-level security experts both inside and outside of Red Canary. A few articles really caught the attention of the security community in 2017, so we wanted … Read More

Security Team

What Makes a Great Security Team? 4 Standout Qualities

Ben Johnson

This guest post was contributed by Ben Johnson, co-founder and CTO of Obsidian Security, a stealth startup based in Southern California. Prior to Obsidian, Ben co-founded and was CTO of Carbon Black. In infosec, we are often quick to call out the people, processes, and technology that we believe are selling snake-oil, are needlessly inefficient, or don’t perform as expected. … Read More